CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
AI Score: 7 High (Confidence: High)
EPSS: 0.973 High (Percentile: 99.9%)
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products, uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. HMACOutputLength lives inside SignedInfo, the element the HMAC covers, so a party without the key can rewrite it: with a length of 0 bits the truncated MAC is empty and any SignatureValue verifies, and with 1 bit a guess succeeds half the time. The W3C errata (E03, linked below) and the vendor fixes close the hole by rejecting lengths below a minimum.
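The failure mode described above, as an added example that is not code from the page or from any of the listed vendors: a verifier that trusts HMACOutputLength from the signed document beside one that enforces a floor, plus an attacker that needs only an accept/reject oracle. The HMAC key, the SignedInfo fragment and the digest values are constructed for the demonstration; canonicalization is skipped and the raw XML bytes stand in for c14n output; the floor applied is the RFC 2104 recommendation (at least half the hash output and not below 80 bits), which is an assumption about the policy a given product adopted, not a statement of any vendor's patch.

```python
"""Added example: HMACOutputLength truncation in XML Signature verification."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
KEY = b"constructed-demo-hmac-key"   # constructed shared secret, not a real key

# Constructed SignedInfo. The attacker controls {bits}: it sits inside the
# element that the HMAC is computed over, so it is not protected by the MAC.
SIGNED_INFO = (
    '<SignedInfo xmlns="{ns}">'
    '<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
    '<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">'
    '<HMACOutputLength>{bits}</HMACOutputLength></SignatureMethod>'
    '<Reference URI="#assertion">'
    '<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
    '<DigestValue>constructed-digest</DigestValue></Reference></SignedInfo>'
)


def hmac_output_length(signed_info_xml: str):
    """Return ds:SignedInfo/ds:SignatureMethod/ds:HMACOutputLength, or None if absent."""
    root = ET.fromstring(signed_info_xml)
    node = root.find(f"./{{{DSIG_NS}}}SignatureMethod/{{{DSIG_NS}}}HMACOutputLength")
    return None if node is None else int(node.text)


def truncated_hmac(key: bytes, data: bytes, bits, hash_fn=hashlib.sha1) -> bytes:
    """Leftmost `bits` bits of HMAC(key, data), the RFC 2104 / XMLDSig truncation."""
    full = hmac.new(key, data, hash_fn).digest()
    if bits is None:
        return full
    nbytes = (bits + 7) // 8
    out = bytearray(full[:nbytes])
    if bits % 8:
        out[-1] &= (0xFF << (8 - bits % 8)) & 0xFF   # zero the unused low bits
    return bytes(out)


def verify_vulnerable(key, signed_info: bytes, sig: bytes, bits) -> bool:
    """Pre-fix behaviour: honours whatever length the document asks for, even 0."""
    return hmac.compare_digest(truncated_hmac(key, signed_info, bits), sig)


def verify_hardened(key, signed_info: bytes, sig: bytes, bits, hash_fn=hashlib.sha1) -> bool:
    """Fixed behaviour: reject lengths under the floor (assumed RFC 2104 policy:
    max(80, half the hash output)) or over the hash size before comparing."""
    hash_bits = hash_fn().digest_size * 8
    if bits is not None and (bits < max(80, hash_bits // 2) or bits > hash_bits):
        return False
    return hmac.compare_digest(truncated_hmac(key, signed_info, bits), sig)


def forge_attempts(verifier, signed_info: bytes, bits, max_bits: int = 16):
    """Attacker without the key, given only an accept/reject oracle: try every value
    the truncated MAC can take. Returns the attempt count on success, None if rejected."""
    if bits > max_bits:
        raise ValueError("search space too large for this demo")
    nbytes = (bits + 7) // 8
    for n in range(2 ** bits):
        candidate = (n << (nbytes * 8 - bits)).to_bytes(nbytes, "big")
        if verifier(signed_info, candidate, bits):
            return n + 1
    return None


def demo(bits):
    """Attacker rewrites SignedInfo to claim `bits` and forges SignatureValue.
    Returns (claimed length, attempts vs. vulnerable verifier, attempts vs. hardened)."""
    xml_text = SIGNED_INFO.format(ns=DSIG_NS, bits=bits)
    claimed = hmac_output_length(xml_text)
    data = xml_text.encode()
    vuln = lambda d, s, b: verify_vulnerable(KEY, d, s, b)
    hard = lambda d, s, b: verify_hardened(KEY, d, s, b)
    return claimed, forge_attempts(vuln, data, claimed), forge_attempts(hard, data, claimed)


def legitimate_verifies(bits) -> bool:
    """The key holder signs with the requested truncation; does the hardened verifier accept?"""
    data = SIGNED_INFO.format(ns=DSIG_NS, bits=bits).encode()
    return verify_hardened(KEY, data, truncated_hmac(KEY, data, bits), bits)


if __name__ == "__main__":
    for b in (0, 1, 8):
        print(f"HMACOutputLength={b}: (claimed, vuln attempts, hardened attempts) = {demo(b)}")
    print("legitimate 80-bit signature accepted by hardened verifier:", legitimate_verifies(80))
    print("legitimate 79-bit signature accepted by hardened verifier:", legitimate_verifies(79))
```

The point to take from running it: against the vulnerable verifier a 0-bit length is accepted on the first try with an empty SignatureValue, 1 bit falls in at most two oracle queries and 8 bits in at most 256, while the hardened verifier rejects every one of those before it ever compares bytes and still accepts a properly keyed 80-bit or full-length signature.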
blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161
git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7
git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7
lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
marc.info/?l=bugtraq&m=125787273209737&w=2
osvdb.org/55895
osvdb.org/55907
secunia.com/advisories/34461
secunia.com/advisories/35776
secunia.com/advisories/35852
secunia.com/advisories/35853
secunia.com/advisories/35854
secunia.com/advisories/35855
secunia.com/advisories/35858
secunia.com/advisories/36162
secunia.com/advisories/36176
secunia.com/advisories/36180
secunia.com/advisories/36494
secunia.com/advisories/37300
secunia.com/advisories/37671
secunia.com/advisories/37841
secunia.com/advisories/38567
secunia.com/advisories/38568
secunia.com/advisories/38695
secunia.com/advisories/38921
secunia.com/advisories/41818
secunia.com/advisories/60799
sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1
sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1
sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1
svn.apache.org/viewvc?revision=794013&view=revision
www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925
www.aleksey.com/xmlsec/
www.debian.org/security/2010/dsa-1995
www.gentoo.org/security/en/glsa/glsa-201408-19.xml
www.kb.cert.org/vuls/id/466161
www.kb.cert.org/vuls/id/MAPG-7TSKXQ
www.kb.cert.org/vuls/id/WDON-7TY529
www.mandriva.com/security/advisories?name=MDVSA-2009:209
www.mono-project.com/Vulnerabilities
www.openoffice.org/security/cves/CVE-2009-0217.html
www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
www.redhat.com/support/errata/RHSA-2009-1694.html
www.securityfocus.com/bid/35671
www.securitytracker.com/id?1022561
www.securitytracker.com/id?1022567
www.securitytracker.com/id?1022661
www.ubuntu.com/usn/USN-903-1
www.us-cert.gov/cas/techalerts/TA09-294A.html
www.us-cert.gov/cas/techalerts/TA10-159B.html
www.vupen.com/english/advisories/2009/1900
www.vupen.com/english/advisories/2009/1908
www.vupen.com/english/advisories/2009/1909
www.vupen.com/english/advisories/2009/1911
www.vupen.com/english/advisories/2009/2543
www.vupen.com/english/advisories/2009/3122
www.vupen.com/english/advisories/2010/0366
www.vupen.com/english/advisories/2010/0635
www.w3.org/2008/06/xmldsigcore-errata.html#e03
www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
bugzilla.redhat.com/show_bug.cgi?id=511915
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041
issues.apache.org/bugzilla/show_bug.cgi?id=47526
issues.apache.org/bugzilla/show_bug.cgi?id=47527
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717
rhn.redhat.com/errata/RHSA-2009-1200.html
rhn.redhat.com/errata/RHSA-2009-1201.html
rhn.redhat.com/errata/RHSA-2009-1428.html
rhn.redhat.com/errata/RHSA-2009-1636.html
rhn.redhat.com/errata/RHSA-2009-1637.html
rhn.redhat.com/errata/RHSA-2009-1649.html
rhn.redhat.com/errata/RHSA-2009-1650.html
usn.ubuntu.com/826-1/
www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html